ref: c463f5dfecc655674f7907e428efd7d3535e3253
parent: 0d97a03e8219a7796eacd6ba1a67d927db4f712e
author: sirjofri <sirjofri@sirjofri.de>
date: Tue Dec 15 05:25:08 EST 2020
fix
--- a/pub/changeblog.plain.xml
+++ b/pub/changeblog.plain.xml
@@ -8,62 +8,62 @@
<rights>© Copyright 2020 sirjofri</rights>
<id>https://sirjofri.de/</id>
<title>changeblog</title>
-<updated>2020-12-15T11:21:42+01:00</updated>
+<updated>2020-12-15T11:24:57+01:00</updated>
<entry>
<title>Restrict RCPU User Access to Groups</title>
<id>https://sirjofri.de/changeblog/1596011563/</id>
<link href="https://sirjofri.de/changeblog/1596011563/"/>
<updated>2020-07-29T10:32:43+02:00</updated>
- <content type="text">
-
-
-
- Restrict RCPU User Access to Groups
-
-
-
-This is how to restrict user access to groups. You can use this to enable rcpu access for all users of a spe-
-cific group. All other groups will not be allowed.
-
-To allow access only to sys group members: adjust your /rc/bin/service/tcp17019
-
- #!/bin/rc
- userfile=/adm/users
- fn useringroup{
- grep $1 $userfile | {
- found=0
- while(~ $found 0 && line=`:{read}){
- if(~ $line(2) $2){
- found=1
- }
- }
- if(~ $found 1)
- status=''
- if not
- status='not found'
- }
- }
- if(~ $#* 3){
- netdir=$3
- remote=$2!`{cat $3/remote}
- }
- fn server {
- ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
- rm -f /env/'fn#server'
- . <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
- }
- exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
-
-This checks if the user is in group sys and only then calls the server function. Otherwise the connection
-is terminated.
-
-This is especially useful if you want a CPU server to expose filesystems and have cpu access for adminis-
-trators only.
-
-
-
-
-
+ <content type="text">
+
+
+
+ Restrict RCPU User Access to Groups
+
+
+
+This is how to restrict user access to groups. You can use this to enable rcpu access for all users of a spe-
+cific group. All other groups will not be allowed.
+
+To allow access only to sys group members: adjust your /rc/bin/service/tcp17019
+
+ #!/bin/rc
+ userfile=/adm/users
+ fn useringroup{
+ grep $1 $userfile | {
+ found=0
+ while(~ $found 0 && line=`:{read}){
+ if(~ $line(2) $2){
+ found=1
+ }
+ }
+ if(~ $found 1)
+ status=''
+ if not
+ status='not found'
+ }
+ }
+ if(~ $#* 3){
+ netdir=$3
+ remote=$2!`{cat $3/remote}
+ }
+ fn server {
+ ~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
+ rm -f /env/'fn#server'
+ . <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
+ }
+ exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
+
+This checks if the user is in group sys and only then calls the server function. Otherwise the connection
+is terminated.
+
+This is especially useful if you want a CPU server to expose filesystems and have cpu access for adminis-
+trators only.
+
+
+
+
+
</content>
</entry>
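Review bot: In useringroup, "grep $1 $userfile" treats the user name as an unanchored pattern over the whole line of /adm/users, so the test succeeds whenever the name occurs anywhere on a line whose second field is sys, including as a substring of another member's name or of the group name itself. Compare the name against the member list as whole entries instead (split the members field on commas and test each element with ~), so that only exact members of sys reach "server".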
@@ -72,35 +72,35 @@
<id>https://sirjofri.de/changeblog/1594885496/</id>
<link href="https://sirjofri.de/changeblog/1594885496/"/>
<updated>2020-07-16T09:44:56+02:00</updated>
- <content type="text">
-
-
-
- lib/profile quick hack
-
-
-
-Some smaller change that can change your life.
-
-There are reasons why you not run rio in your lib/profile. For me the main reason would be: You can no
-longer use commandsrcpu-c in your shell. Rio opens and there you are, stuck in front of a gray back-
-ground.
-
-My solution:
-
- case cpu
- # … lots of stuff …
- rcpucmd=`{cat /mnt/term/env/cmd >[2]/dev/null}
- if(~ $#rcpucmd 0)
- rio
- # … lots of stuff …
-
-Now I can rcpu and have my rio, or rcpu -c command and run the command without leaving my shell.
-
-
-
-
-
+ <content type="text">
+
+
+
+ lib/profile quick hack
+
+
+
+Some smaller change that can change your life.
+
+There are reasons why you not run rio in your lib/profile. For me the main reason would be: You can no
+longer use commandsrcpu-c in your shell. Rio opens and there you are, stuck in front of a gray back-
+ground.
+
+My solution:
+
+ case cpu
+ # … lots of stuff …
+ rcpucmd=`{cat /mnt/term/env/cmd >[2]/dev/null}
+ if(~ $#rcpucmd 0)
+ rio
+ # … lots of stuff …
+
+Now I can rcpu and have my rio, or rcpu -c command and run the command without leaving my shell.
+
+
+
+
+
</content>
</entry>
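Review bot: The added text still runs words together in "commandsrcpu-c" (the closing paragraph has the intended "rcpu -c command") and keeps print-style hyphenation ("back-" / "ground"), which a feed reader will show as broken words inside a type="text" element. Generate the plain-text content with hyphenation turned off and check the spacing around inline command names; "why you not run rio" is also missing a verb.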
@@ -109,141 +109,141 @@
<id>https://sirjofri.de/changeblog/1594881674/</id>
<link href="https://sirjofri.de/changeblog/1594881674/"/>
<updated>2020-07-16T08:41:14+02:00</updated>
- <content type="text">
-
-
-
- Mail Server Configuration
-
-
-
-Recently I installed my mail server on 9front. Most of the time I followed the guide in the FQA, but still
-there are things to explain. In this document I'll go through the section of the FQA and annotate things.
-
-Right at the beginning the FQA mentions how the executing user needs write permissions for the mail-
-boxes. This is If upas can't write the mailboxes the mail server will not accept incoming mail!
-
-In my setup I can skip all DNS stuff, because I have my DNS hosted somewhere else. Make sure to add
-proper MX records as well as (at least) an SPF record.
-
-/mail/lib/smtpd.conf
-
-To make things short, here are the necessary lines in my setup. The server handles authenticated incoming
-mail for sending to other providers as well as incoming mail for local accounts.
-
- defaultdomain sirjofri.de
- norelay on
- verifysenderdom on
- saveblockedmsg off
- ourdomains sirjofri.de
-
-Note that the server is no relay for unauthenticated/untrusted requests, it will still relay if you authenticate.
-
-At this point it might be a good idea to check your user password. Use auth/changeuser to add
-Inferno/POP secrets to your user accounts. Use these passwords to authenticate to the smtp server.
-
-/mail/lib/rewrite
-
-The program that handles sending mail uses this file to rewrite mail addresses. This file is responsible for
-filtering out local mail as well as sending other mails to the mailer.
-
-In my setup I added three aliases:
-
- pOsTmAsTeR alias postmaster
- aBuSe alias abuse
- wEbMaStEr alias webmaster
-
-Use regular expressions to define your domain:
-
- \l!(.*) alias \1
- \l\.sirjofri.de!(.*) alias \1
- sirjofri.de!(.*) alias \1
-
-For translating mails I added one more rule for mail address tags. These tags are in the form of
-user+tag@example.com. Official specifications say that everything behind that “+” must be ignored, but it
-can be used to automatically sort incoming mail into folders. I do this, by the way, so I describe here, how.
-
-We need rules for those plus signs:
-
- \"(.+)\+(.*)\" translate "echo `{/bin/upas/aliasmail '\1'}^'+\2'"
- # The other translate rules are default
-
-For delivering local mails, I added extra rules:
-
- local!(.+)\+(.+) | "/bin/test -d /mail/box/\1/\2 \&\&
- /bin/upas/mbappend /mail/box/\1/\2 || /bin/upas/mbappend
- /mail/box/\1/mbox"
- local!"(.+)+(.+) | "/bin/test -d /mail/box/\1/\2 \&\&
-
-
-
-
- - 2 -
-
-
- /bin/upas/mbappend /mail/box/\1/\2 || /bin/upas/mbappend
- /mail/box/\1/mbox"
- # leave the other rules untouched.
-
-With this settings, mails to user+tag will be checked. If a mailbox folder for tag exists, mail is sent to this
-folder. Otherwise it is sent to the user's default inbox. Note: I tested, but this does not work with aliased
-mail. If my aliasmail changes userA to userB, mails to userA+tag will be rejected! If you know how I can
-make this work, feel free to send me a mail.
-
-/mail/lib/names.local
-
-This file is pretty easy. Just add your alias mail addresses:
-
- postmaster sirjofri
- webmaster sirjofri
- abuse sirjofri
-
-/mail/lib/remotemail
-
- #!/bin/rc
- shift
- sender=$1
- shift
- addr=$1
- shift
- fd=`{/bin/upas/aliasmail -f $sender}
- switch($fd){
- case *.*
- ;
- case *
- fd=sirjofri.de
- }
- exec /bin/upas/smtp -h $fd $addr $sender $*
-
-SMTP over TLS
-
-I don't use port 587. I use 25 for this. Mail servers relay mails to this port by default, so it makes sense.
-
-/rc/bin/service/tcp25
-
- #!/bin/rc
- user=`{cat /dev/user}
- exec /bin/upas/smtpd -f -E -r -c /sys/lib/tls/cert -n $3
-
-Don't forget to create your TLS certificate!
-
-IMAP4 over TLS
-
-I did this exactly like the FQA. See there.
-
-No.
-
-At this point I stopped. I did not configure ratfs and have no spam handling right now. It doesn't really mat-
-ter for me, because nobody knows me and I don't use that mail address to register anywhere.
-
-Links:
-
-→ https://fqa.9front.org/fqa7.html#7.7
-
-
-
-
-
+ <content type="text">
+
+
+
+ Mail Server Configuration
+
+
+
+Recently I installed my mail server on 9front. Most of the time I followed the guide in the FQA, but still
+there are things to explain. In this document I'll go through the section of the FQA and annotate things.
+
+Right at the beginning the FQA mentions how the executing user needs write permissions for the mail-
+boxes. This is If upas can't write the mailboxes the mail server will not accept incoming mail!
+
+In my setup I can skip all DNS stuff, because I have my DNS hosted somewhere else. Make sure to add
+proper MX records as well as (at least) an SPF record.
+
+/mail/lib/smtpd.conf
+
+To make things short, here are the necessary lines in my setup. The server handles authenticated incoming
+mail for sending to other providers as well as incoming mail for local accounts.
+
+ defaultdomain sirjofri.de
+ norelay on
+ verifysenderdom on
+ saveblockedmsg off
+ ourdomains sirjofri.de
+
+Note that the server is no relay for unauthenticated/untrusted requests, it will still relay if you authenticate.
+
+At this point it might be a good idea to check your user password. Use auth/changeuser to add
+Inferno/POP secrets to your user accounts. Use these passwords to authenticate to the smtp server.
+
+/mail/lib/rewrite
+
+The program that handles sending mail uses this file to rewrite mail addresses. This file is responsible for
+filtering out local mail as well as sending other mails to the mailer.
+
+In my setup I added three aliases:
+
+ pOsTmAsTeR alias postmaster
+ aBuSe alias abuse
+ wEbMaStEr alias webmaster
+
+Use regular expressions to define your domain:
+
+ \l!(.*) alias \1
+ \l\.sirjofri.de!(.*) alias \1
+ sirjofri.de!(.*) alias \1
+
+For translating mails I added one more rule for mail address tags. These tags are in the form of
+user+tag@example.com. Official specifications say that everything behind that “+” must be ignored, but it
+can be used to automatically sort incoming mail into folders. I do this, by the way, so I describe here, how.
+
+We need rules for those plus signs:
+
+ \"(.+)\+(.*)\" translate "echo `{/bin/upas/aliasmail '\1'}^'+\2'"
+ # The other translate rules are default
+
+For delivering local mails, I added extra rules:
+
+ local!(.+)\+(.+) | "/bin/test -d /mail/box/\1/\2 \&\&
+ /bin/upas/mbappend /mail/box/\1/\2 || /bin/upas/mbappend
+ /mail/box/\1/mbox"
+ local!"(.+)+(.+) | "/bin/test -d /mail/box/\1/\2 \&\&
+
+
+
+
+ - 2 -
+
+
+ /bin/upas/mbappend /mail/box/\1/\2 || /bin/upas/mbappend
+ /mail/box/\1/mbox"
+ # leave the other rules untouched.
+
+With this settings, mails to user+tag will be checked. If a mailbox folder for tag exists, mail is sent to this
+folder. Otherwise it is sent to the user's default inbox. Note: I tested, but this does not work with aliased
+mail. If my aliasmail changes userA to userB, mails to userA+tag will be rejected! If you know how I can
+make this work, feel free to send me a mail.
+
+/mail/lib/names.local
+
+This file is pretty easy. Just add your alias mail addresses:
+
+ postmaster sirjofri
+ webmaster sirjofri
+ abuse sirjofri
+
+/mail/lib/remotemail
+
+ #!/bin/rc
+ shift
+ sender=$1
+ shift
+ addr=$1
+ shift
+ fd=`{/bin/upas/aliasmail -f $sender}
+ switch($fd){
+ case *.*
+ ;
+ case *
+ fd=sirjofri.de
+ }
+ exec /bin/upas/smtp -h $fd $addr $sender $*
+
+SMTP over TLS
+
+I don't use port 587. I use 25 for this. Mail servers relay mails to this port by default, so it makes sense.
+
+/rc/bin/service/tcp25
+
+ #!/bin/rc
+ user=`{cat /dev/user}
+ exec /bin/upas/smtpd -f -E -r -c /sys/lib/tls/cert -n $3
+
+Don't forget to create your TLS certificate!
+
+IMAP4 over TLS
+
+I did this exactly like the FQA. See there.
+
+No.
+
+At this point I stopped. I did not configure ratfs and have no spam handling right now. It doesn't really mat-
+ter for me, because nobody knows me and I don't use that mail address to register anywhere.
+
+Links:
+
+→ https://fqa.9front.org/fqa7.html#7.7
+
+
+
+
+
</content>
</entry>
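Review bot: The second local! delivery rule is cut in two by a page-break marker (the " - 2 - " line sits between 'local!"(.+)+(.+) | ...' and its continuation), so anyone copying it from the feed gets a broken rule; regenerate the text without pagination. That rule also leaves the + unescaped where the first one uses \+, which should be confirmed as intended. Both rules capture the tag with (.+) and paste it into /mail/box/\1/\2; the tag is chosen by whoever sends the mail, so restricting the capture to a character class without / would keep the test -d and mbappend paths inside the user's own mailbox directory. The sentence "This is If upas can't write the mailboxes" has lost a word.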
@@ -252,42 +252,42 @@
<id>https://sirjofri.de/changeblog/1593621046/</id>
<link href="https://sirjofri.de/changeblog/1593621046/"/>
<updated>2020-07-01T18:30:46+02:00</updated>
- <content type="text">
-
-
-
- Guided Replica
-
-
-
-Today I installed on my VPS. I noticed that I can write some helper scripts around it and here they are.
-
-You can download them from https://sirjofri.de/files/guidedreplica.
-
-You can install it like that:
-
-# bind your client $home to /n/rclient
-# bind your server $home to /n/rserver
-hget https://sirjofri.de/files/guidedreplica/guidedreplica.rc | rc
-# follow the prompts
-
-This will also install two helper scripts to $home/bin/rc/replica/. Reproto copies one proto over
-the other. You can choose which one you want to keep. Reupdate is helpful if there are update-update
-errors. It should automatically solve them (untested, but should work).
-
-Update: has issues. Often it does a bad job tracking changes, leaving removed files there and vice versa. I
-never encountered data loss, only inconsistencies in the copies.
-
-Many people use which does not overwrite changed files. At some point I will build some scripts around it
-and use that instead of
-
-(Files: https://sirjofri.de/files/guidedreplica/README
-https://sirjofri.de/files/guidedreplica/guidedreplica.rc)
-
-
-
-
-
+ <content type="text">
+
+
+
+ Guided Replica
+
+
+
+Today I installed on my VPS. I noticed that I can write some helper scripts around it and here they are.
+
+You can download them from https://sirjofri.de/files/guidedreplica.
+
+You can install it like that:
+
+# bind your client $home to /n/rclient
+# bind your server $home to /n/rserver
+hget https://sirjofri.de/files/guidedreplica/guidedreplica.rc | rc
+# follow the prompts
+
+This will also install two helper scripts to $home/bin/rc/replica/. Reproto copies one proto over
+the other. You can choose which one you want to keep. Reupdate is helpful if there are update-update
+errors. It should automatically solve them (untested, but should work).
+
+Update: has issues. Often it does a bad job tracking changes, leaving removed files there and vice versa. I
+never encountered data loss, only inconsistencies in the copies.
+
+Many people use which does not overwrite changed files. At some point I will build some scripts around it
+and use that instead of
+
+(Files: https://sirjofri.de/files/guidedreplica/README
+https://sirjofri.de/files/guidedreplica/guidedreplica.rc)
+
+
+
+
+
</content>
</entry>
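Review bot: The regenerated text still drops the program names: "Today I installed on my VPS", "Update: has issues", "Many people use which does not overwrite changed files" and the trailing "instead of" each lack the word they refer to, so the entry never says which tools are meant. Restore the names in the source or in the plain-text conversion. The install line pipes hget output straight into rc; telling readers to save guidedreplica.rc and read it before running it would be the safer instruction.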
@@ -296,44 +296,44 @@
<id>https://sirjofri.de/changeblog/1593448779/</id>
<link href="https://sirjofri.de/changeblog/1593448779/"/>
<updated>2020-06-29T18:39:39+02:00</updated>
- <content type="text">
-
-
-
- 9front on Netcup VPS
-
-
-
-Today I installed 9front on a Netcup VPS. Here are some notes if you want to do it yourself.
-
-I used the smallest VPS option. Currently, that's “VPS 200 G8”. It costs like 2.69 Euro, but you might be
-able to find some way to make it cheaper.
-
-After ordering it might take some time until the server is up and ready. By default debian was installed in a
-GPT, we can ignore that.
-
-Before we can install our custom ISO we first must upload it somewhere. This is done via FTP (you get the
-access data from the SCP), I used windows default file explorer (ftp://user@address, enter password). Copy
-the 9front ISO in /cdrom. This will take some time.
-
-Meanwhile you can delete the virtual disk and create a new one. You need your SCP password for this.
-This step is necessary to remove the GPT. Of course you could manually reformat the disk, but deleting the
-disk will save time.
-
-In the settings you can virtually insert the iso as a DVD and verify the boot order (DVD first). Start up the
-machine and switch to the web VNC display.
-
-At this point you can proceed with the default 9front installation described in the fqa. Don't forget to
-install the MBR and activate the partition. Otherwise there are no additional special steps besides manually
-configuring the /lib/ndb/local after installation. In my case I made an auth server.
-
-Currently it seems to work fine. I installed the machine today, so there might be some issues I didn't find
-yet.
-
-
-
-
-
+ <content type="text">
+
+
+
+ 9front on Netcup VPS
+
+
+
+Today I installed 9front on a Netcup VPS. Here are some notes if you want to do it yourself.
+
+I used the smallest VPS option. Currently, that's “VPS 200 G8”. It costs like 2.69 Euro, but you might be
+able to find some way to make it cheaper.
+
+After ordering it might take some time until the server is up and ready. By default debian was installed in a
+GPT, we can ignore that.
+
+Before we can install our custom ISO we first must upload it somewhere. This is done via FTP (you get the
+access data from the SCP), I used windows default file explorer (ftp://user@address, enter password). Copy
+the 9front ISO in /cdrom. This will take some time.
+
+Meanwhile you can delete the virtual disk and create a new one. You need your SCP password for this.
+This step is necessary to remove the GPT. Of course you could manually reformat the disk, but deleting the
+disk will save time.
+
+In the settings you can virtually insert the iso as a DVD and verify the boot order (DVD first). Start up the
+machine and switch to the web VNC display.
+
+At this point you can proceed with the default 9front installation described in the fqa. Don't forget to
+install the MBR and activate the partition. Otherwise there are no additional special steps besides manually
+configuring the /lib/ndb/local after installation. In my case I made an auth server.
+
+Currently it seems to work fine. I installed the machine today, so there might be some issues I didn't find
+yet.
+
+
+
+
+
</content>
</entry>
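Review bot: As displayed, every removed line in this entry reads the same as the line that replaces it, so the change appears to be whitespace or encoding only, and the commit message "fix" does not say which. State in the message what was fixed inside <content> so the regenerated feed can be reviewed against that intent.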
@@ -342,27 +342,27 @@
<id>https://sirjofri.de/changeblog/1592917245/</id>
<link href="https://sirjofri.de/changeblog/1592917245/"/>
<updated>2020-06-23T15:00:45+02:00</updated>
- <content type="text">
-
-
-
- changeblog feed — social media²
-
-
-
-RSS is still a thing.
-
-Yes, there are more modern alternatives, like Atom or fancy json feeds. What I want to say is, feeds are still
-a thing.
-
-That's why you are now able to read my changeblog as an Atom feed.
-
-Now I just need to find enough time to write my posts.
-
-
-
-
-
+ <content type="text">
+
+
+
+ changeblog feed — social media²
+
+
+
+RSS is still a thing.
+
+Yes, there are more modern alternatives, like Atom or fancy json feeds. What I want to say is, feeds are still
+a thing.
+
+That's why you are now able to read my changeblog as an Atom feed.
+
+Now I just need to find enough time to write my posts.
+
+
+
+
+
</content>
</entry>
@@ -371,36 +371,36 @@
<id>https://sirjofri.de/changeblog/1590105600/</id>
<link href="https://sirjofri.de/changeblog/1590105600/"/>
<updated>2020-05-22T02:00:00+02:00</updated>
- <content type="text">
-
-
-
- I use 9front
-
-
-
-Today I want to share with you, that I use the plan9 distribution '9front' as my main computer.
-
-Of course there are things that are almost impossible to do there, for example: all gamedev related stuff.
-This is of course an issue, because I am a game developer. I still have my windows machine with relevant
-tools, so I can still fiddle around with those complex things.
-
-For gaming I also use my windows machine or some game console. Yes, there are a few games on plan9
-systems.
-
-Also most online services use javascript and heavy styling of webpages, so I also use a modern computer
-with a modern browser. Mothra is fine for doing basic research stuff, but in 2020 it's almost impossible to
-actually do things on the web.
-
-Anyways, let me tell you that I don't really miss anything on plan9. I can write documents, check my email
-stuff, chat with people, and step by step it becomes more usable. The community is helpful and provides
-more applications. The system runs stable, the user interface is consistent and good to look at. Colors don't
-jump in your eye and want to kill you and there's catclock(1), our friendly companion.
-
-
-
-
-
+ <content type="text">
+
+
+
+ I use 9front
+
+
+
+Today I want to share with you, that I use the plan9 distribution '9front' as my main computer.
+
+Of course there are things that are almost impossible to do there, for example: all gamedev related stuff.
+This is of course an issue, because I am a game developer. I still have my windows machine with relevant
+tools, so I can still fiddle around with those complex things.
+
+For gaming I also use my windows machine or some game console. Yes, there are a few games on plan9
+systems.
+
+Also most online services use javascript and heavy styling of webpages, so I also use a modern computer
+with a modern browser. Mothra is fine for doing basic research stuff, but in 2020 it's almost impossible to
+actually do things on the web.
+
+Anyways, let me tell you that I don't really miss anything on plan9. I can write documents, check my email
+stuff, chat with people, and step by step it becomes more usable. The community is helpful and provides
+more applications. The system runs stable, the user interface is consistent and good to look at. Colors don't
+jump in your eye and want to kill you and there's catclock(1), our friendly companion.
+
+
+
+
+
</content>
</entry>
@@ -409,26 +409,26 @@
<id>https://sirjofri.de/changeblog/1578614400/</id>
<link href="https://sirjofri.de/changeblog/1578614400/"/>
<updated>2020-01-10T01:00:00+01:00</updated>
- <content type="text">
-
-
-
- Revived
-
-
-
-I updated my website to Uberspace 7, but not only this: I changed the whole webpage to make it more
-nine-friendly.
-
-My whole webpage management system is completely 9 based. I use oridb's git9 implementation and plan9
-tools, mk, sed, cat, …
-
-I also decided to change the main language of the website to English.
-
-
-
-
-
+ <content type="text">
+
+
+
+ Revived
+
+
+
+I updated my website to Uberspace 7, but not only this: I changed the whole webpage to make it more
+nine-friendly.
+
+My whole webpage management system is completely 9 based. I use oridb's git9 implementation and plan9
+tools, mk, sed, cat, …
+
+I also decided to change the main language of the website to English.
+
+
+
+
+
</content>
</entry>